authorLars Wirzenius <liw@liw.fi>2017-11-15 20:00:36 +0100
committerLars Wirzenius <liw@liw.fi>2017-11-15 20:00:36 +0100
commit167b929e261698c1946626f09665779f9a1ea264 (patch)
tree804efc3ae11860e62de1d3b7aacefde9af4092e4 /icktool
parentcae827600578959950358f65a2c3c9468fe36007 (diff)
downloadick2-167b929e261698c1946626f09665779f9a1ea264.tar.gz
Add: generate token in-process in icktool
Diffstat (limited to 'icktool')
-rwxr-xr-xicktool24
1 files changed, 22 insertions, 2 deletions
diff --git a/icktool b/icktool
index b47b851..9cea74a 100755
--- a/icktool
+++ b/icktool
@@ -18,8 +18,11 @@
import json
import logging
import sys
+import time
+import apifw
import cliapp
+import Crypto.PublicKey.RSA
import requests
import ick2
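Review bot: `import Crypto.PublicKey.RSA` does not say which distribution is expected, and the `Crypto` namespace is shipped both by the legacy PyCrypto package, which is no longer maintained, and by PyCryptodome. The key object loaded through this module now signs access tokens in-process, so the choice of package matters. Which one the project installs is not visible in this hunk; if it is PyCryptodome, a comment on the import such as `# Crypto comes from PyCryptodome; legacy PyCrypto is unmaintained` would record that, along with a matching entry wherever the project lists its dependencies.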
@@ -341,9 +344,26 @@ class TokenGenerator:
assert self._cmd is not None
assert self._scopes is not None
+ # These should agree with how ick controller is configured.
+ # See the Ansible playbook. They should probably be
+ # configurable.
+ iss = 'localhost'
+ aud = 'localhost'
+
privkey = cliapp.runcmd(['sh', '-c', self._cmd])
- token = cliapp.runcmd(
- ['./create-token', ' '.join(self._scopes)], feed_stdin=privkey)
+ key = Crypto.PublicKey.RSA.importKey(privkey)
+ scopes = ' '.join(self._scopes)
+
+ now = time.time()
+ claims = {
+ 'iss': iss,
+ 'sub': 'subject-uuid',
+ 'aud': aud,
+ 'exp': now + 86400, # FIXME: This is silly long
+ 'scope': scopes,
+ }
+
+ token = apifw.create_token(claims, key)
return token.decode('ascii')
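Review bot: The claim `'sub': 'subject-uuid'` is a fixed placeholder, so every token this tool mints carries the same subject and the receiving service cannot attribute a request to a particular caller. Combined with the 24-hour `exp` that the FIXME already flags, a leaked token is a long-lived, anonymous bearer credential for whatever scopes were requested. I would read the subject and the lifetime from settings alongside `iss`/`aud`, and write the expiry as an integer, e.g. `'exp': int(now) + lifetime_secs,`, because `time.time()` returns a float and whether the verifier accepts a fractional `exp` is not visible here. The enclosing method starts above the hunk, so how `self._cmd` and `self._scopes` are populated cannot be checked from these lines.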